CVE-2026-33281
Received Received - Intake
Denial of Service via Invalid PDU Session ID in Ella Core

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: GitHub, Inc.

Description
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33281
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ellanetworks ella_core to 1.6.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-33281 is a vulnerability in Ella Core software versions prior to 1.6.0. It occurs because the software does not properly validate PDU Session IDs in NGAP messages, specifically when these IDs are outside the valid range of 1 to 15.

This improper validation leads to an out-of-range access (CWE-129), causing the software to panic and crash when processing such invalid messages.

An attacker can exploit this by sending specially crafted NGAP messages with invalid PDU Session IDs to the Ella Core process, triggering a crash without needing any authentication.

Impact Analysis

This vulnerability can cause a denial of service by crashing the Ella Core process when it receives NGAP messages with invalid PDU Session IDs.

As a result, all connected subscribers relying on the affected Ella Core instance will experience service disruption.

Since no authentication is required to exploit this vulnerability, an attacker with network access can easily cause this disruption.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for crashes or panics in the Ella Core process when it processes NGAP messages with invalid PDU Session IDs outside the range 1-15.

Since the issue is triggered by crafted NGAP messages, network traffic analysis tools can be used to inspect NGAP messages for invalid PDU Session IDs.

Specific commands are not provided in the available resources, but general approaches include:

  • Using packet capture tools like tcpdump or Wireshark to capture NGAP traffic and filter for PDU Session IDs outside the valid range.
  • Checking system logs or Ella Core logs for panic or crash messages related to NGAP message processing.
Mitigation Strategies

The immediate mitigation step is to upgrade Ella Core to version 1.6.0 or later, where proper validation of PDU Session IDs during NGAP message handling has been implemented to prevent this vulnerability.

Until the upgrade can be applied, consider restricting network access to the Ella Core NGAP interface to trusted sources only, to reduce the risk of receiving crafted malicious NGAP messages.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33281. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart